
Feature Request: Additional DCR's

Open MikaelJcSoderberg opened this issue 6 months ago • 2 comments

Currently there are three DCRs created in aslzArm.json:

- "Deploying Data Collection Rule for VMInsights if condition is true"
- "Deploying Data Collection Rule for Change Tracking if condition is true"
- "Deploying Data Collection Rule for Mdfc Defender for SQL if condition is true"

Would it be possible for Enterprise-Scale to add a fourth that has the OS event logs as well?

- Windows events
- Syslog for Linux

I know how to create it myself, but I would much rather it was included in Enterprise-Scale.

MikaelJcSoderberg, Oct 28 '25 12:10

Or would the better solution be to add more data sources to the VM insights one? Today you only add Performance Counters; would it be an OK solution for you to add "Windows Events" and "Syslog" to it?

MikaelJcSoderberg, Oct 28 '25 12:10

Hi @MikaelJcSoderberg, will discuss with the team; however, one of the challenges would be which Windows Events or Syslogs to forward to LA, as this could potentially add significant cost.

Springstone, Nov 03 '25 12:11
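Added example, not part of the thread and not taken from Enterprise-Scale's aslzArm.json: a sketch of what a fourth DCR could look like if collection were scoped by severity and facility to limit the ingestion cost raised above. The resource name, data source names, destination name, the chosen event levels and facilities, and the `<...>` placeholders are all assumptions for illustration.

```json
{
  "type": "Microsoft.Insights/dataCollectionRules",
  "apiVersion": "2022-06-01",
  "name": "dcr-os-event-logs-example",
  "location": "<region>",
  "properties": {
    "dataSources": {
      "windowsEventLogs": [
        {
          "name": "windowsEventsScoped",
          "streams": ["Microsoft-Event"],
          "xPathQueries": [
            "System!*[System[(Level=1 or Level=2 or Level=3)]]",
            "Application!*[System[(Level=1 or Level=2)]]"
          ]
        }
      ],
      "syslog": [
        {
          "name": "syslogScoped",
          "streams": ["Microsoft-Syslog"],
          "facilityNames": ["auth", "authpriv", "daemon"],
          "logLevels": ["Warning", "Error", "Critical", "Alert", "Emergency"]
        }
      ]
    },
    "destinations": {
      "logAnalytics": [
        {
          "name": "laDestination",
          "workspaceResourceId": "<log-analytics-workspace-resource-id>"
        }
      ]
    },
    "dataFlows": [
      {
        "streams": ["Microsoft-Event", "Microsoft-Syslog"],
        "destinations": ["laDestination"]
      }
    ]
  }
}
```

Dropping the XPath level filters or collecting all facilities at `Debug` or `Info` is what drives volume; the filters are the knob to tune against cost and detection needs.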